WorldLII [Home] [Databases] [WorldLII] [Search] [Feedback]

EPIC --- Privacy and Human Rights Report

You are here:  WorldLII >> Databases >> EPIC --- Privacy and Human Rights Report >> 2006 >>

[Database Search] [Name Search] [Recent Documents] [Noteup] [Help]

EPIC --- Privacy and Human Rights Report 2006

Title Page Previous Next Contents | Country Reports >Second Life

Second Life

The Jurisdiction

Second Life is a virtual world created by Linden Lab, a private corporation physically located in the United States. It opened in 2003 and, by official numbers, currently has a population of more than 7.7 million “resident”[4357] avatars, 61 percent of which are European[4358] and over one million of whom accessed the virtual environment during June 2007.[4359] According to recent estimates, over ten thousand people per day register to become Second Life residents.[4360] “Virtual existence” in Second Life implicates real privacy issues, both online and offline, for avatars and their users. In-world concerns include anonymity and reputation of avatars, and the ability to control who is watching, and when. Avatars may be subject to surveillance by Linden Lab, marketers, and perhaps even law enforcement, linking online and offline identities and behavior in ways that users are often unaware.

In addition to being noteworthy for its size, Second Life is unique because, unlike most online virtual worlds, Second Life is not a “game” per se. Whereas most online worlds are centered on a content-driven plot delivered by the world’s developer, Second Life is more akin to a virtual three-dimensional canvas wherein users can interact with objects created by other users. For example, Second Life residents can purchase virtual land on which they can construct whatever they wish.[4361] Ultimately, the purpose of Second Life is to provide users with an entertaining platform that facilitates social interaction between residents.[4362]

Although the participation of the average Second Life resident is often motivated by a desire to have fun, the world also has a significant economic aspect. Second Life users that buy property can create structures to place on that property.[4363] Even those Second Life users that do not own property, however, can, by means of a built-in toolkit, create objects within the virtual world.[4364] Residents who create virtual objects retain intellectual property rights in their creations and are able to sell them to other users for Linden dollars (Linden$ or L$), the Second Life currency.[4365] Furthermore, Linden Lab allows users to market their Linden dollars and sell them for real currency.[4366] According to Second Life Exchange, a prominent third party market participant, as of early July 2007, the current exchange rate is approximately 275 Linden dollars to 1 US dollar.[4367] Linden Lab runs its own Linden dollar exchange called Lindex. According to Linden’s Lindex market data, between April and July 2007, the exchange rate between Linden dollars and US dollars has consistently hovered around a ratio of 270 to 1[4368] and approximately 241,000 U.S. dollars changes hands daily in exchange for virtual currency.[4369]

Second Life’s capacity to act as a platform for almost any interest allows a resident’s in-world activities to mirror their everyday activities. While a user’s activities in most virtual worlds are strictly defined by the plot and content delivered by the world’s developer, a Second Life resident is free to design his own in-world experience. It may not be surprising that in Second Life it can be easier to find a dance club, casino, shopping mall,[4370] or even a karaoke bar[4371] than a battlefield where one can fight monsters.

Due to the nature of virtual worlds, what a resident chooses to do in Second Life, whether alone or in the company of other residents, is never free from the view of Linden Lab. Despite this, Second Life residents may feel that the apparent anonymity inherent in online activities and virtual worlds wherein their actual identities are insulated from public scrutiny, is a license to engage in some activities that they would normally avoid in their everyday lives. Indeed, activities such as virtual prostitution[4372] and drug use[4373] are increasingly common in Second Life. “In their second lives, people dare take risks they would never dream of taking in their first life. In particular, people can develop parts of their identity that they dare not develop in real life.”[4374]

Second Life residents are subject to targeted in-world advertising. Corporations and other real-world entities have long had an interest in having a presence in Second Life. Many corporations, including IBM,[4375] have opened virtual corporate headquarters within Second Life. In addition, a few countries, including Sweden,[4376] have set up embassies in the virtual world. A recent advertising push, however, goes beyond establishing a mere presence and instead allows corporations and other real world organizations, including political campaigns, to take an active role in the virtual environment. Although the advertising industry has examined ways to increase the visibility of virtual products within Second Life by optimizing search parameters, it has also taken steps to promote real products within the virtual world.[4377] Recently, AMPP Media, an advertising company, completed a deal with Linden that will allow it to place digital billboards within Second Life.[4378] Unlike normal billboards, however, the advertisements placed within Second Life have the power to serve ads contextually by scanning for keywords in public conversations in their area.[4379] These billboards are also capable of more advanced behavioral targeting that serves ads to individual residents based on an “interest profile,” which can include a resident’s user information (name and age of account), information on where a resident spends time in Second Life, and even what clothing and attachments a resident currently has on his avatar.[4380] The creation and retention of these interest profiles, just as in the real world, raises significant privacy concerns. These concerns, however, are especially grave in the context of a virtual environment where individuals’ perceived anonymity leads them to do things they may never consider in real life.

Data Protection Authority

Linden holds the personal data associated with Second Life users and is bound by applicable U.S. and foreign law. Although Linden sets forth a privacy policy which outlines the way in which the company collects, uses, and handles personal data, Linden is free to change this policy at any time and a resident’s continued use of the product, according to Linden, operates as consent to any changes made.[4381] Linden Lab does, however, provide users with an outlet for any privacy-related complaints and has established a mailing address and an email address specifically to handle user questions in this area.[4382] Unfortunately, the company does not publicize the number of privacy related complaints and comments it receives, nor the frequency with which it receives them.

Data Protection Framework

As Linden’s privacy policy is voluntary and subject to change,[4383] the only meaningful data protection framework to which residents’ personal data is subjected is the law of the country in which the data is stored. Given that the majority of Linden’s computing takes places within the United States, U.S. data protection law applies to the personal data stored by Linden. Linden makes explicit mention of this and communicates to Second Life residents that the protection of their data is subject to U.S. law.[4384]

Linden, as a corporate entity, must make certain that it does not commit unfair or deceptive trade practices and, in so doing, bring itself within the purview of the Federal Trade Commission’s section 5 authority.[4385] Although the FTC focuses primarily on telemarketing, spam, pretexting, and children’s privacy issues, the FTC has conducted enforcement action against corporations that do not abide by their own user agreements. The FTC maintains a list of its section 5 privacy-based enforcement actions,[4386] and a number of cases indicate the FTC’s willingness to initiate action against those companies that violate their privacy policies or terms of service.[4387]

According to Linden, Second Life’s privacy framework consists of two documents that govern Linden Lab’s use of user data: Second Life’s Privacy Policy[4388] and its Terms of Service.[4389] Linden collects and organizes a lot of data on Second Life users. This data includes information about a user’s computer hardware, Internet connection and all of the personal information generally associated with account registration (often including a user’s name, gender, and sufficient age information to verify that the user is eligible for registration). In addition, Linden tracks usage of customer service resources by its users and retains billing information associated with individual users.[4390] Linden claims that information related to a user’s computer and Internet connection are not personally identifiable to that user.[4391]

In addition to Second Life users, Linden collects information on seven other non-mutually exclusive categories: anonymous website visitors, registered website members, mailing list members, service beta users, former customers, those who respond to job postings, and individuals outside of the United States. For example, Linden

automatically logs the IP address of all visitors to In addition, Linden serves anonymous visitors cookies that track their usage of the site

Linden’s privacy policy does cover individuals who reside outside of the United States. Linden, however, warns these users that their data is subject to U.S. law and that, by using Linden-maintained websites or Second Life, these users consent to having their data transferred outside of their respective countries.[4393]

Linden Lab also maintains independent terms of service for Second Life users. These terms broadly cover the agreement a user makes with Linden in conjunction with using Second Life; only a few of the specific provisions implicate privacy concerns. Most importantly, Linden requires that users submit accurate personal information when they register for a Second Life account.[4394] Furthermore, Linden requires that users accurately verify their age so that Linden can screen the content delivered to younger users,[4395] and abide by the terms of the Children’s Online Privacy Protection Act (COPPA).[4396]

Upon registration for Second Life, Linden prompts a user for a variety of personal information. The registration process prompts the user for information in three phases. First, Linden asks the user to choose the name of his in-world representation and to provide his birthday and e-mail address.[4397] This e-mail address is used to activate the user account and the birthday is used for account security,[4398] and age verification.[4399] In the next step, after confirming the user’s age eligibility, Linden prompts the user for more extensive personal information. Here Linden asks the user for his first name, last name, gender, the country where he is located, to enter a security question and response (such as “what city were you born in?,” which may contain personal information), and to agree to the terms of service.[4400] In the final step, users are solicited to upgrade their Second Life account to Linden’s premium service.[4401] If a user chooses to make this upgrade, then the user is prompted for payment information, including title, first name, last name, address (including city and state), and credit card number.[4402] All information provided during the registration process must be real and accurate.[4403]

A user with only a single Second Life account is not, by default, required to pay any money,[4404] unless they want to own land,[4405] and Linden only needs a user’s personal information for payment purposes. As such, while it might behoove Linden to have sufficient information to determine whether a single person has registered multiple Second Life accounts,[4406] Linden could help protect the privacy of its users by only collecting personal information in conjunction with payment verification. By collecting personal information only when necessary, rather than doing so preventatively in order to guard against multiple account creation, Linden could mitigate the possible consequences of data breaches.

Use of Collected Data

Linden collects personal information and usage statistics relating to users to “maintain a high-quality customer experience and deliver superior customer service.”[4407] Linden claims that personal user information will not be disclosed unless required by law or if Linden believes, in good faith, that disclosure of information: a) is required to cooperate with legal process, b) necessary to protect and defend the rights or property of Linden Lab, or c) urgently needed to protect the safety of a website user, Second Life resident, or the public in general.[4408]

In contrast to its declared policy of non-disclosure; however, Linden reserves the right to sell or share user information in the event that the company files for bankruptcy or merges with another company.[4409] Linden provides users with the means to update and correct personal information they submit to the company,[4410] but it reserves the right to change its privacy policy and modify its disclosure practices,[4411] and a resident’s continued use of the product, according to Linden, operates as consent to any changes made.[4412]

Recently Linden began publicly releasing metrics on their users.[4413] Thus far, Linden has released six monthly “data dumps” that consist of aggregate information concerning Second Life’s resident population. The statistics included in each monthly installment consist of data related to the total number of hours spent in-world, the current “physical size” of the land in Second Life, economic data concerning the flow of Linden dollars, the total population of Second Life, the population broken down into residents’ countries of origin and the corresponding activity levels of those countries, and the activity of real-life age and gender groups within the resident population.[4414] As all of this information is in the form of aggregate statistics, none of it is personally identifiable or traceable to an individual user.

Although Linden makes no direct reference to in-world privacy concerns in the privacy policy, it does make some information on the subject available through its support portal.[4415] Linden gives users some suggestions in order to allow users to maximize their privacy within Second Life’s virtual world. Linden allows residents to choose to appear offline when another resident searches for them and to hide their online status and location, even from other residents that have been added as friends.[4416] In addition, Linden provides residents that own their own virtual land with some tools that allow them to block access by other users or avoid casual scrutiny. Linden allows residents to configure private islands for “geographical privacy” such that other residents cannot determine where a particular resident lives and it also allows those residents that own land to maintain “skyboxes” which allow them to hover at a level where normal users would not usually be able to find them.[4417] The in-world privacy protections offered by Linden do not function with respect to Linden itself. As such, residents do not have any option to hide their activities from the scrutiny of any resident with developer-level access to the virtual world.


Linden gives users some suggestions in order to allow them to maximize their privacy within Second Life’s virtual world. Linden allows residents to choose to appear offline when another resident searches for them and to hide their online status and location, even from other residents that have been added as friends.[4418] In addition, Linden provides residents that own their own virtual land with some tools that allow them to block access by other users or avoid casual scrutiny. Linden allows residents to configure private islands for “geographical privacy” such that other residents cannot determine where a particular resident lives and it also allows those residents that own land to maintain “skyboxes” which allow them to hover at a level where normal users would not usually be able to find them.[4419]

Although Linden supplies Second Life residents with means to shield themselves somewhat from other residents, Linden does not address the extent to which it has the ability to monitor a resident’s in-world activities. Linden has developer level access to Second Life’s virtual world and can freely make and change the rules of the game. Even if a Second Life resident cannot conduct close, omnipresent surveillance of users, there is nothing to prevent Linden from providing itself with the means to do so.


A Second Life user’s account name, which consists of a user created first and last name, is the same as the name of his or her in-world avatar.[4420] This setting is mandatory for all Second Life residents, cannot be changed or worked around and presents basic security problems. Preventing a resident from naming his avatar independently from his account registration removes a layer of security. Because a user’s in-world presence has the same name as his account name, anyone wishing to access that user’s account already possesses half of the required information, i.e. rather than having to determine the account name and password associated with a resident, anyone seeking illicit access to another’s account need only determine that user’s password.

Linden’s terms of service prohibit anonymous use of Second Life. When a user creates an account they are prompted for personal information,[4421] which, as mandated by the terms of service, must be accurate.[4422] Upon creation of an account, that user’s personal information is associated with their account name. Unfortunately, because a user’s account has the same name as his in-world representation,[4423] that user’s personal information is also directly associated with their in-world identity. Although other residents are not supposed to have access to personal registration information, there have been data breaches (although it is unclear whether the breached data was stored in association with account names).[4424] Linden’s policy against anonymous use prevents those users whose information Linden does not require for payment verification[4425] from safeguarding their real-life privacy and identity.

Avatar Privacy

Second Life residents have in-world privacy concerns related to the everyday activities of their avatars. Just as the citizens of real world countries seek to preserve privacy in their daily lives, Second Life residents have privacy interests grounded in the activities of their in world representations in addition to the their actual identities. While a Second Life resident may be concerned about having the activities of his avatar traced back to his real life identity, that resident may also be concerned independently about the identity and reputation of his avatar. This issue is particularly acute given the difficulty Linden presents users in changing their Second Life identity.

Because Linden charges users for maintaining separate accounts,[4426] a Second Life user is more likely to be tied to the identity of a single avatar. Furthermore, unlike the real world, the name of a Second Life resident is prominently displayed wherever his avatar is present. While one may be able to interact with others in the course of one’s daily life without ever having to disclose one’s name, a Second Life resident, whose avatar’s name is a more prominent part of his appearance than his clothing, does not have that option. Some who have studied this issue note that inhabitants of virtual environments may want to maintain separate identities and choose the identity they use by the context of their interaction with the environment; “As more people enter virtual worlds and find uses for them in their work, social and home lives, they're likely to adopt a number of virtual personas.”[4427]

Linden provides a few ways for users to protect the privacy of their avatars. Linden allows users to make themselves more difficult to find via Second Life’s in-world search feature, and, if users are found, Linden also provides some means to avoid harassment.[4428] Residents who own land can prohibit individual avatars from entering their land, and while in publicly accessible areas can “mute” other avatars in order to avoid seeing their public chatter or receiving private communications from those individuals.[4429] Finally, Linden allows residents to file abuse reports in order to appeal to the corporation for in-world help.[4430] Although abuse reports can be used to communicate any violation of the terms of service or community standards, they appear to be the primary recourse for physical in-world harassment (such as intentional blocking or interfering with the movement of another avatar), and Linden reports any action taken on the basis of these reports in a “police blotter” dedicated to Second Life.[4431]

Recent Developments

On September 8, 2006, Linden announced that its systems had fallen victim to a database breach.[4432] Although Linden’s official announcement did not reference the extent of the breach nor the type of data compromised, an independent report indicated that the breach, which occurred on September 6, 2006, affected the data associated with every Second Life resident.[4433] According to the report, the breach was associated with Linden’s payment database, and compromised resident’s names, addresses, contact information, and encrypted payment information.[4434]

Although the breach was deemed to be particularly serious because it compromised the mechanism through which thousands of Second Life residents extracted the profits from their in-world businesses,[4435] the released data could also be used to link a Second Life resident with his real life identity. It is unknown whether the personal user information was stored in association with resident account names. If it were stored in such a manner, then anyone who has access to the stolen information could associate a resident’s in-world identity with their real life identity. This is possible because a Second Life resident’s avatar has the same name as that users account. If such a connection were established then a resident would effectively lose his anonymity with respect to any resident that possessed the information and might be susceptible to blackmail[4436] or cyber stalking.

Recently Linden indicated a willingness to divulge information about Second Life residents to foreign law enforcement agencies.[4437] In 2007, a German television program conducted a sting operation within Second Life where it sent a reporter into the virtual world in order to receive invitations for pay-to-attend events where child pornography, both real and virtual, were to be distributed. In response to the report, Linden pledged to help authorities identify users and pass on details of their identity.

[4357] Second Life, What is Second Life?, July 2, 2007 <>. Linden Lab defines a “resident” as someone who has signed up to create an “avatar,” which is a digital representation that embodies a Second Life resident within its virtual world. As there can be more than one avatar per Second Life user account and more than one account per real individual, the number of residents as defined by Linden Lab may not accurately correspond to the number of real people using its product.
[4358] “comScore Finds that “Second Life” Has a Rapidly Growing and Global Base of Active Residents,” comScore, May 4, 2007 <>.
[4359] Second Life, Economic Statistics, July 2, 2007 <>.
[4360] Kevin Maney, “The king of alter egos is surprisingly humble guy”, USA Today, February 5, 2007, at 1B, available at <>.

[4361] Second Life, Own Virtual Land, July 2, 2007 <>.
[4362] Second Life, Have Fun, July 2, 2007 <>.

[4363] Second Life, Own Virtual Land, supra.
[4364] Second Life, Create Anything, July 2, 2007 <>.
[4365] Id.
[4366] Second Life, Economy, July 2, 2007 <>.
[4367] SL Market Summary, SL Currency Exchange, July 2, 2007 <>.
[4368] Second Life, Lindex Market Data, July 2, 2007 <> (navigate to 90 days on the graph feature at the top of the page).
[4369] Id.

[4370] Second Life, Economy, supra.
[4371] Michael Errard, A Boon to Second Life Language Schools: New technology will allow high quality audio in a virtual world, April 10, 2007 <>.

[4372] Wired 14.10: Second Life, Entertainment, Having Sex, October, 2006 <>.
[4373] Alan Sipress, Does Virtual Reality Need a Sheriff?, Washington Post, June 2, 2007, at A01, available at <>.
[4374] Posting of Bert-Jaap Koops to blog*on*nymity, You and Your Avatar: Having Second Life Thoughts on Anonymity and Identity, 11:59pm May 8, 2007 <>.

[4375] H.J. Cummins, Reality Growing in the Virtual World for Business and Government, February 1, 2007 <>.
[4376] Cari Simmons, Sweden opens virtual embassy 3-D style, May 30, 2007 <>.
[4377] Adam Reuters, Volunteer opens John Edwards area in SL, February 12, 2007 <>. David Berkowitz, Second Life Optimization, October 24, 2006 <>.
[4378] Enid Burns, “New Ad Network Integrates Digital and Outdoor Media,” April 16, 2007 <>.
[4379] Advertising Lab: future of advertising and advertising technology, Contextual Advertising in Second Life, April 24, 2007 <>.
[4380]In-world Advertising Network, Behavioral Targeting in Second Life, April 28, 2007 <>. Advertising Lab: future of advertising and advertising technology, Behavioral Targeting in Second Life, April 28, 2007 <>.

[4381] Privacy Policy, Your Consent supra.
[4382] Second Life, Privacy Policy, supra.

[4383] Second Life, Privacy Policy, How to Contact Us, July 9, 2007 <>.
[4384] Second Life, Privacy Policy, Individuals Outside of the United States, July 9, 2007 <>.

[4385] Federal Trade Commission Act, 15 U.S.C. § 45(a)(2).
[4386] Privacy Initiatives, Enforcement – cases, July 14, 2007 <>.
[4387] See In the matter of Gateway Learning Corp, Decision and Order, September 17, 2004, available at <>; See also In the matter of Microsoft Corporation, Decision and Order, December 12, 2002, available at <>.

[4388] Second Life, Privacy Policy, Information We Collect and How We Collect It, July 5, 2007 <>.
[4389] Second Life, Terms of Service, 2.1, July 6, 2007 <>.
[4390] Id.
[4391] Id.

[4392] Id.

[4393] Id.

[4394] Second Life, Terms of Service, 2.1, supra.
[4395] Id. at 2.2.
[4396] Children’s Online Privacy Protection Act, Pub. L. No. 105-277 (1998), available at <>; See also EPIC’s Children Online Privacy Protection Act (COPPA) Web Page <>.

[4397] Second Life, Join, July 13, 2007 <> (navigate to join, screen captures on file with EPIC).
[4398] Id.
[4399] Second Life, Terms of Service, supra.
[4400] Second Life, Join, supra (screen captures on file with EPIC).
[4401] Id. (screen captures on file with EPIC).
[4402] Id. (screen captures on file with EPIC).
[4403] Second Life, Terms of Service, supra.

[4404] Id.
[4405] Second Life, Own Virtual Land, supra.
[4406] Second Life, FAQ, How much does Second Life cost?, July 6, 2007 <> (explaining that additional accounts per user costs money).

[4407] Second Life, Privacy Policy, supra. (navigate to numeral 1).
[4408] Second Life, Privacy Policy, supra. (navigate to numeral 3).

[4409] Id.
[4410] Second Life, Privacy Policy, supra. (navigate to numeral 4).
[4411] Second Life, Privacy Policy, supra. (navigate to numeral 5).
[4412] Second Life, Privacy Policy, Your Consent, July 9, 2007 <>.

[4413] Posting of Meta Linden to, May 2007 Key Metrics <>.
[4414] Id. (navigate to the files linked at the top of the posting).

[4415] Second Life, Locations for support information, July 5, 2007 <> (navigate to the bottom of the screen and login in order to access the support portal).
[4416] Id. (after logging in search for privacy and select the entry entitled “How do I get some privacy in Second Life?”).
[4417] Id.

[4418] Second Life, Locations for support information, July 5, 2007 <> (navigate to the bottom of the screen and login in order to access the support portal) (after logging in search for privacy and select the entry entitled “How do I get some privacy in Second Life?”).
[4419] Id.

[4420] Second Life, Terms of Service, 2.3, July 6, 2007, <>.

[4421] Second Life, Privacy Framework, supra.
[4422] Id. at 2.1.
[4423] Second Life, Terms of Service, supra.
[4424] Martin H. Bosworth, Hackers Make Off With “Second Life” Data, September 10, 2007 <>.
[4425] Second Life, Privacy Framework, supra.

[4426] Second Life, Terms of Service, supra.
[4427] China Martens, Computer World: Singapore, ID malleability creates virtual-world issues, June 28, 2007 <>.

[4428] Locations for support information supra.
[4429] Id. (after logging in navigate to knowledge base and then to social tuff, and then to abuse and griefing and then to how do I keep people off of my land?)
[4430] Id.
[4431] Second Life | Community, Police Blotter, July 27, 2007 <>.

[4432] Second Life, Second Life Security Bulletin, September 8, 2007 <>.
[4433] Bosworth, supra.
[4434] Id.

[4435] Id.
[4436] David Lazarus, Real fear in a virtual world, San Francisco Chronicle, September 15, 2006 <>.

[4437] BBC News – Technology, Second Life ‘child abuse’ claim, May 9, 2007 <>.

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback